Merge pull request #6 from dosAnjosGustavo/main

Update Privoxy base image to v4.0.0

Author: Tardo

.github/workflows/docker_auto.yml

@@ -1,7 +1,7 @@
 name: Automatic build on release and push to Docker Hub
 on:
   schedule:
-    - cron: '0 0 * * SUN'
+    - cron: "0 0 * * SUN"
   push:
     tags:
       - "[0-9]+.[0-9]+.[0-9]+"
@@ -11,13 +11,13 @@ jobs:
     uses: ./.github/workflows/test.yml
   main:
     runs-on: ubuntu-latest
-    needs: 
+    needs:
       - tests
     env:
       DOCKER_PLATFORMS: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/386
       DOCKER_IMAGE: ghtardo/docker-privoxy-https
-      LASTEST_VERSION: "3.0.34-2"
-      PRIVOXY_VERSION: "3.0.34"
+      LASTEST_VERSION: "4.0.0"
+      PRIVOXY_VERSION: "4.0.0"
     steps:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -108,4 +108,4 @@ jobs:
       - name: Move cache
         run: |
           rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/test.yml

@@ -11,7 +11,8 @@ jobs:
   privoxy:
     strategy:
       matrix:
-        privoxy_version: [3.0.34]
+        privoxy_version: [4.0.0]
+        python-version: [3.12]
       fail-fast: false
     runs-on: ubuntu-latest
 
@@ -34,7 +35,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: "3.11"
+          python-version: 3.12
 
       - name: Install poetry
         uses: abatilo/actions-poetry@v2
@@ -47,4 +48,4 @@ jobs:
           poetry install
 
       - name: Run pytest
-        run: poetry run pytest --privoxy-version ${{ matrix.privoxy_version }} --no-cache -v
+        run: poetry run pytest --privoxy-version ${{ matrix.privoxy_version }} --no-cache -v

.gitignore

@@ -1,2 +1,4 @@
 __pycache__/
-tests/privoxy-ca-bundle.crt
+tests/privoxy-ca-bundle.crt
+/.pytest_cache
+/.venv

Dockerfile

@@ -14,7 +14,7 @@ RUN set -ex; \
     mkdir /var/lib/privoxy/; \
     chown privoxy:privoxy /var/lib/privoxy/;
 
-ARG PRIVOXY_VERSION=3.0.34
+ARG PRIVOXY_VERSION=4.0.0
 
 # Build Privoxy
 RUN set -eux; \
@@ -26,7 +26,7 @@ RUN set -eux; \
     apk add --no-cache --virtual build-deps \
         libc-dev \
         zlib-dev \
-        pcre-dev \
+        pcre2-dev \
         openssl-dev \
         brotli-dev; \
     mkdir -p /usr/local/src/privoxy-${PRIVOXY_VERSION}-stable; \
@@ -40,15 +40,19 @@ RUN set -eux; \
     make -s install USER=privoxy GROUP=privoxy; \
     chown -R privoxy:privoxy /usr/local/etc/privoxy/; \
     rm -rf /var/lib/privoxy/privoxy-src.tar.gz /usr/local/src/privoxy-${PRIVOXY_VERSION}-stable; \
-    apk del build-tools;
+    apk del build-tools build-deps;
 
 # Add system tools
-RUN apk add --no-cache --virtual sys-tools \
-        openssl \
-        python3 \
-        supervisor \
-        bash \
-        sed;
+RUN set -eux; \
+    apk add --no-cache --virtual runtime-deps \
+            openssl \
+            python3 \
+            pcre2 \
+            brotli \
+            supervisor \
+            bash \
+            sed \
+            net-tools;
 
 # Enable Privoxy HTTPS inspection
 RUN set -ex; \
@@ -60,22 +64,38 @@ COPY data/rules/ /usr/local/etc/privoxy/privman-rules/
 COPY data/supervisord.conf /usr/local/etc/privoxy/
 COPY data/config /usr/local/etc/privoxy/
 COPY data/privoxy-blocklist.conf /var/lib/privoxy/
-COPY bin/privman.py /var/lib/privoxy/
-COPY bin/privoxy-blocklist.sh /var/lib/privoxy/
+RUN set -eux; \
+    sed -i 's/\r$//' /var/lib/privoxy/privoxy-blocklist.conf
+COPY bin/privman.py /var/lib/privoxy/privman.py
+COPY bin/privoxy-blocklist.sh /var/lib/privoxy/privoxy-blocklist.sh
+RUN set -eux; \
+    # Remove CRLF (dos2unix) and ensure LF-only
+    sed -i 's/\r$//' /var/lib/privoxy/privoxy-blocklist.sh; \
+    # Make executable
+    chmod +x /var/lib/privoxy/privoxy-blocklist.sh; \
+    # (Re)create the symlink
+    ln -sf /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/privoxy-blocklist
 COPY docker-entrypoint.sh /usr/local/bin/
+RUN sed -i 's/\r$//' /usr/local/bin/docker-entrypoint.sh \
+ && chmod +x /usr/local/bin/docker-entrypoint.sh
 
 # Set the correct permissions
 RUN set -ex; \
+    sed -i 's/\r$//' /var/lib/privoxy/privman.py /var/lib/privoxy/privoxy-blocklist.sh; \
+    head -1 /var/lib/privoxy/privman.py | grep -q '^#!' || \
+      sed -i '1i #!/usr/bin/env python3' /var/lib/privoxy/privman.py; \
     mkdir -p /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules; \
     chown -R privoxy:privoxy /usr/local/etc/privoxy/config /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules /var/lib/privoxy/privoxy-blocklist.conf; \
-    chmod a+x /var/lib/privoxy/privman.py /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/docker-entrypoint.sh; \
-    ln -s /var/lib/privoxy/privman.py /usr/local/bin/privman; \
-    ln -s /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/privoxy-blocklist;
+    chmod +x /var/lib/privoxy/privman.py; \
+    ln -sf /var/lib/privoxy/privman.py /usr/local/bin/privman; \
+    ln -sf /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/privoxy-blocklist;
 
 ENV ADBLOCK_URLS="" \
     ADBLOCK_FILTERS=""
 
-ENTRYPOINT ["docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+
+RUN cp -a /usr/local/etc/privoxy /opt/privoxy-default
 
 VOLUME /usr/local/etc/privoxy
 EXPOSE 8118/tcp

bin/privman.py

@@ -36,7 +36,14 @@ def generate_crt_bundle(subj, forced=False):
     ca_key_file = os.path.join(BASEDIR_CA, 'cakey.pem')
     if not os.path.isfile(ca_bundle_file) or forced:
         os.system(f"openssl ecparam -out {ca_key_file} -name secp384r1 -genkey")
-        os.system(f'openssl req -new -x509 -key {ca_key_file} -sha384 -days 3650 -out {ca_bundle_file} -extensions v3_ca -subj "{subj}"')
+        os.system(
+            f'openssl req -new -x509 '
+            f'-key {ca_key_file} -sha384 -days 3650 '
+            f'-out {ca_bundle_file} '
+            f'-subj "{subj}" '
+            f'-addext "basicConstraints=critical,CA:TRUE" '
+            f'-addext "keyUsage=critical,keyCertSign,cRLSign"'
+        )
         print_log("CRT Bundle", f"Generated successfully in '{ca_bundle_file}'") 
     else:
         print_log("CRT Bundle", "Nothing to do. The file already exists.")

data/config

@@ -1,4 +1,4 @@
-#        Sample Configuration File for Privoxy 3.0.34
+#        Sample Configuration File for Privoxy 4.0.0
 #
 # Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
 #
@@ -791,7 +791,7 @@ logfile logfile
 #
 #        listen-address [::1]:8118
 #
-listen-address  :8118
+listen-address  0.0.0.0:8118
 #
 #  4.2. toggle
 #  ============

docker-entrypoint.sh

@@ -1,4 +1,11 @@
 #!/bin/sh
 set -e
 privman --init
+
+
+if [ ! -e /usr/local/etc/privoxy/config ] || [ -z "$(ls -A /usr/local/etc/privoxy)" ]; then
+  echo "[entrypoint] void config, populating defaults..."
+  cp -a /opt/privoxy-default/* /usr/local/etc/privoxy/
+fi
+
 exec "$@"